From bhais...@apache.org
Subject [1/6] git commit: updated refs/heads/master to 70c79ad
Date Tue, 06 Dec 2016 20:06:18 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 08a5ef7cc -> 70c79ad13


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/abfcd5b9/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java
b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java
index eb5d7d0..3d6635c 100644
--- a/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java
+++ b/services/console-proxy-rdp/rdpconsole/src/main/java/streamer/bco/BcoSocketWrapperImpl.java
@@ -16,23 +16,24 @@
 // under the License.
 package streamer.bco;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.SecureRandom;
-import java.security.Security;
-
 import org.apache.log4j.Logger;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.crypto.tls.CertificateVerifyer;
-import org.bouncycastle.crypto.tls.TlsProtocolHandler;
+import org.bouncycastle.crypto.tls.Certificate;
+import org.bouncycastle.crypto.tls.DefaultTlsClient;
+import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsAuthentication;
+import org.bouncycastle.crypto.tls.TlsClientProtocol;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
 import streamer.Direction;
 import streamer.Event;
 import streamer.SocketWrapperImpl;
 import streamer.ssl.SSLState;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.SecureRandom;
+import java.security.Security;
+
 @SuppressWarnings("deprecation")
 public class BcoSocketWrapperImpl extends SocketWrapperImpl {
     private static final Logger s_logger = Logger.getLogger(BcoSocketWrapperImpl.class);
@@ -41,7 +42,7 @@ public class BcoSocketWrapperImpl extends SocketWrapperImpl {
         Security.addProvider(new BouncyCastleProvider());
     }
 
-    private TlsProtocolHandler bcoSslSocket;
+    private TlsClientProtocol bcoSslSocket;
 
     public BcoSocketWrapperImpl(String id, SSLState sslState) {
         super(id, sslState);
@@ -60,25 +61,25 @@ public class BcoSocketWrapperImpl extends SocketWrapperImpl {
         try {
 
             SecureRandom secureRandom = new SecureRandom();
-            bcoSslSocket = new TlsProtocolHandler(socket.getInputStream(), socket.getOutputStream(),
secureRandom);
-
-            CertificateVerifyer client = new CertificateVerifyer() {
+            bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(),
secureRandom);
 
+            bcoSslSocket.connect(new DefaultTlsClient() {
                 @Override
-                public boolean isValid(X509CertificateStructure[] chain) {
-
-                    try {
-                        if (sslState != null) {
-                            sslState.serverCertificateSubjectPublicKeyInfo = chain[0].getSubjectPublicKeyInfo().getEncoded();
+                public TlsAuthentication getAuthentication() throws IOException {
+                    return new ServerOnlyTlsAuthentication() {
+                        @Override
+                        public void notifyServerCertificate(final Certificate certificate)
throws IOException {
+                            try {
+                                if (sslState != null) {
+                                    sslState.serverCertificateSubjectPublicKeyInfo = certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getEncoded();
+                                }
+                            } catch (IOException e) {
+                                throw new RuntimeException("Cannot get server public key.",
e);
+                            }
                         }
-                    } catch (IOException e) {
-                        throw new RuntimeException("Cannot get server public key.", e);
-                    }
-
-                    return true;
+                    };
                 }
-            };
-            bcoSslSocket.connect(client);
+            });
 
             InputStream sis = bcoSslSocket.getInputStream();
             source.setInputStream(sis);
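Review bot: `notifyServerCertificate` accepts any chain the server presents, because it never rejects, so the TLS session stays unauthenticated just as it was when the old `isValid` returned `true`; it also calls `getCertificateAt(0)` without checking for an empty chain. If chain validation or pinning is deliberately out of scope for the console proxy, a comment on the callback should say so. At minimum, guard the index with `if (certificate == null || certificate.isEmpty()) throw new TlsFatalAlert(AlertDescription.bad_certificate);`. The inner `catch (IOException e)` that rethrows a `RuntimeException` is no longer needed now that the method declares `throws IOException`. The enclosing method starts and ends outside the hunk.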

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/abfcd5b9/tools/travis/before_script.sh
----------------------------------------------------------------------
diff --git a/tools/travis/before_script.sh b/tools/travis/before_script.sh
index bbfc447..5b649dc 100755
--- a/tools/travis/before_script.sh
+++ b/tools/travis/before_script.sh
@@ -20,7 +20,7 @@
 #
 export MAVEN_OPTS="-Xmx4096m -XX:MaxPermSize=800m -Djava.security.egd=file:/dev/urandom"
 echo -e "\nStarting simulator"
-mvn -Dsimulator -pl :cloud-client-ui jetty:run 2>&1 > /tmp/jetty-log &
+mvn -Dsimulator -Dorg.eclipse.jetty.annotations.maxWait=120 -pl :cloud-client-ui jetty:run
2>&1 > /tmp/jetty-log &
 
 while ! nc -vzw 5 localhost 8096 2>&1 > /dev/null; do grep Exception /tmp/jetty-log;
sleep 10; done
 echo -e "\nStarting DataCenter deployment"
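Review bot: On the changed `mvn` line, the order `2>&1 > /tmp/jetty-log` points stderr at the original stdout before stdout is redirected, so only stdout reaches the log. The `grep Exception /tmp/jetty-log` poll below therefore cannot see stack traces written to stderr. Writing `> /tmp/jetty-log 2>&1 &` captures both streams. The `nc` line uses the same order, so its stderr goes to the console rather than to `/dev/null`.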

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/abfcd5b9/utils/pom.xml
----------------------------------------------------------------------
diff --git a/utils/pom.xml b/utils/pom.xml
index ae1bf23..fcc0378 100755
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -106,7 +106,7 @@
     </dependency>
     <dependency>
       <groupId>javax.servlet</groupId>
-      <artifactId>servlet-api</artifactId>
+      <artifactId>javax.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
     <!-- Test dependency in mysql for db tests -->

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/abfcd5b9/utils/src/main/java/com/cloud/utils/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/PasswordGenerator.java b/utils/src/main/java/com/cloud/utils/PasswordGenerator.java
index 3ba54f2..3b6aa14 100644
--- a/utils/src/main/java/com/cloud/utils/PasswordGenerator.java
+++ b/utils/src/main/java/com/cloud/utils/PasswordGenerator.java
@@ -19,7 +19,10 @@
 
 package com.cloud.utils;
 
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import java.security.SecureRandom;
+import java.security.Security;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -40,6 +43,13 @@ public class PasswordGenerator {
 
     static private int minLength = 3;
 
+    static {
+        BouncyCastleProvider provider = new BouncyCastleProvider();
+        if (Security.getProvider(provider.getName()) == null) {
+            Security.addProvider(provider);
+        }
+    }
+
     public static String generateRandomPassword(int num) {
         Random r = new SecureRandom();
         StringBuilder password = new StringBuilder();
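Review bot: The new static initializer installs BouncyCastle as a JVM-wide provider as a side effect of loading `PasswordGenerator`, but nothing visible in this hunk needs it. `generateRandomPassword` uses `new SecureRandom()`, which would normally resolve to the JDK's default provider rather than one appended to the end of the list. If the registration serves another consumer, a comment should name it, e.g. `// BC is registered here because <consumer> needs the provider before first use`; otherwise it belongs next to the code that needs it. `Security.addProvider` already declines to add a provider whose name is installed, so the `getProvider` check is redundant. The class body continues outside the hunk.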

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/abfcd5b9/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
index d43542f..3e70dda 100644
--- a/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
+++ b/utils/src/main/java/com/cloud/utils/security/CertificateHelper.java
@@ -19,6 +19,13 @@
 
 package com.cloud.utils.security;
 
+import com.cloud.utils.Ternary;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -40,124 +47,143 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
 import java.util.List;
 
-import com.cloud.utils.exception.CloudRuntimeException;
-import org.apache.commons.codec.binary.Base64;
+public class CertificateHelper {
+    public static byte[] buildAndSaveKeystore(final String alias, final String cert, final
String privateKey, final String storePassword) throws KeyStoreException, CertificateException,
+    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+        Preconditions.checkArgument(!Strings.isNullOrEmpty(alias), "Certificate alias cannot
be blank");
+        Preconditions.checkArgument(!Strings.isNullOrEmpty(cert), "Certificate cannot be
blank");
+        Preconditions.checkArgument(!Strings.isNullOrEmpty(privateKey), "Private key cannot
be blank");
 
-import com.cloud.utils.Ternary;
-import org.bouncycastle.openssl.PEMReader;
+        final KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
 
-public class CertificateHelper {
-    public static byte[] buildAndSaveKeystore(String alias, String cert, String privateKey,
String storePassword) throws KeyStoreException, CertificateException,
-        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
-        KeyStore ks = buildKeystore(alias, cert, privateKey, storePassword);
-
-        ByteArrayOutputStream os = new ByteArrayOutputStream();
-        ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
-        os.close();
-        return os.toByteArray();
+        try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) {
+            ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
+            return os.toByteArray();
+        }
     }
 
-    public static byte[] buildAndSaveKeystore(List<Ternary<String, String, String>>
certs, String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
-        CertificateException, IOException, InvalidKeySpecException {
-        KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
+    public static byte[] buildAndSaveKeystore(final List<Ternary<String, String, String>>
certs, final String storePassword) throws KeyStoreException, NoSuchAlgorithmException,
+    CertificateException, IOException, InvalidKeySpecException {
+        Preconditions.checkNotNull(certs, "List of certificates to be saved in keystore cannot
be null");
+        char password[] = null;
+        if (storePassword != null) {
+            password = storePassword.toCharArray();
+        }
+        final KeyStore ks = KeyStore.getInstance("JKS");
+        ks.load(null, password);
 
         //name,cert,key
-        for (Ternary<String, String, String> cert : certs) {
+        for (final Ternary<String, String, String> cert : certs) {
             if (cert.third() == null) {
-                Certificate c = buildCertificate(cert.second());
+                final Certificate c = buildCertificate(cert.second());
                 ks.setCertificateEntry(cert.first(), c);
             } else {
-                Certificate[] c = new Certificate[certs.size()];
+                final Certificate[] c = new Certificate[certs.size()];
                 int i = certs.size();
-                for (Ternary<String, String, String> ct : certs) {
+                for (final Ternary<String, String, String> ct : certs) {
                     c[i - 1] = buildCertificate(ct.second());
                     i--;
                 }
-                ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), storePassword
!= null ? storePassword.toCharArray() : null, c);
+                ks.setKeyEntry(cert.first(), buildPrivateKey(cert.third()), password, c);
             }
         }
 
-        ByteArrayOutputStream os = new ByteArrayOutputStream();
-        ks.store(os, storePassword != null ? storePassword.toCharArray() : null);
-        os.close();
-        return os.toByteArray();
+        try (final ByteArrayOutputStream os = new ByteArrayOutputStream()) {
+            ks.store(os, password);
+            return os.toByteArray();
+        }
     }
 
-    public static KeyStore loadKeystore(byte[] ksData, String storePassword) throws KeyStoreException,
CertificateException, NoSuchAlgorithmException, IOException {
-        assert (ksData != null);
-        KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(new ByteArrayInputStream(ksData), storePassword != null ? storePassword.toCharArray()
: null);
+    public static KeyStore loadKeystore(final byte[] ksData, final String storePassword)
throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+        Preconditions.checkNotNull(ksData, "Keystore data cannot be null");
+        final KeyStore ks = KeyStore.getInstance("JKS");
+        try (final ByteArrayInputStream is = new ByteArrayInputStream(ksData)) {
+            ks.load(is, storePassword != null ? storePassword.toCharArray() : null);
+        }
 
         return ks;
     }
 
-    public static KeyStore buildKeystore(String alias, String cert, String privateKey, String
storePassword) throws KeyStoreException, CertificateException,
-        NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+    public static KeyStore buildKeystore(final String alias, final String cert, final String
privateKey, final String storePassword) throws KeyStoreException, CertificateException,
+    NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+        Preconditions.checkArgument(!Strings.isNullOrEmpty(alias), "Certificate alias cannot
be blank");
+        Preconditions.checkArgument(!Strings.isNullOrEmpty(cert), "Certificate cannot be
blank");
+        Preconditions.checkArgument(!Strings.isNullOrEmpty(privateKey), "Private key cannot
be blank");
 
-        KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(null, storePassword != null ? storePassword.toCharArray() : null);
-        Certificate[] certs = new Certificate[1];
+        char password[] = null;
+        if (storePassword != null) {
+            password = storePassword.toCharArray();
+        }
+        final KeyStore ks = KeyStore.getInstance("JKS");
+        ks.load(null, password);
+        final Certificate[] certs = new Certificate[1];
         certs[0] = buildCertificate(cert);
-        ks.setKeyEntry(alias, buildPrivateKey(privateKey), storePassword != null ? storePassword.toCharArray()
: null, certs);
+        ks.setKeyEntry(alias, buildPrivateKey(privateKey), password, certs);
         return ks;
     }
 
-    public static Certificate buildCertificate(String content) throws CertificateException
{
-        assert (content != null);
+    public static Certificate buildCertificate(final String content) throws CertificateException
{
+        Preconditions.checkNotNull(content, "Certificate content cannot be null");
 
-        BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        final BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(content.getBytes()));
+        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
         return cf.generateCertificate(bis);
     }
 
-    public static Key buildPrivateKey(String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
-        KeyFactory kf = KeyFactory.getInstance("RSA");
-        PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
+    public static Key buildPrivateKey(final String base64EncodedKeyContent) throws NoSuchAlgorithmException,
InvalidKeySpecException, IOException {
+        Preconditions.checkNotNull(base64EncodedKeyContent);
+
+        final KeyFactory kf = KeyFactory.getInstance("RSA");
+        final PKCS8EncodedKeySpec keysp = new PKCS8EncodedKeySpec(Base64.decodeBase64(base64EncodedKeyContent));
         return kf.generatePrivate(keysp);
     }
 
-    public static List<Certificate> parseChain(String chain) throws IOException {
+    public static List<Certificate> parseChain(final String chain) throws IOException,
CertificateException {
+        Preconditions.checkNotNull(chain);
 
-        List<Certificate> certs = new ArrayList<Certificate>();
-        PEMReader reader = new PEMReader(new StringReader(chain));
+        final List<Certificate> certs = new ArrayList<Certificate>();
+        try(final PemReader pemReader = new PemReader(new StringReader(chain));)
+        {
+            final PemObject pemObject = pemReader.readPemObject();
+            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
+            final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
 
-        Certificate crt = null;
-
-        while ((crt = (Certificate)reader.readObject()) != null) {
-            if (crt instanceof X509Certificate) {
-                certs.add(crt);
+            for (final Certificate cert : certificateFactory.generateCertificates(bais))
{
+                if (cert instanceof X509Certificate) {
+                    certs.add(cert);
+                }
+            }
+            if (certs.isEmpty()) {
+                throw new IllegalStateException("Unable to decode certificate chain");
             }
         }
-        if (certs.size() == 0)
-            throw new IllegalArgumentException("Unable to decode certificate chain");
-
         return certs;
     }
 
-    public static String generateFingerPrint(Certificate cert) {
+    public static String generateFingerPrint(final Certificate cert) {
+        Preconditions.checkNotNull(cert, "Certificate cannot be null");
 
         final char[] HEX = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C',
'D', 'E', 'F'};
 
-        StringBuilder buffer = new StringBuilder(60);
+        final StringBuilder buffer = new StringBuilder(60);
         try {
 
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-            byte[] data = md.digest(cert.getEncoded());
+            final MessageDigest md = MessageDigest.getInstance("SHA-256");
+            final byte[] data = md.digest(cert.getEncoded());
 
-            for (int i = 0; i < data.length; i++) {
+            for (final byte element : data) {
                 if (buffer.length() > 0) {
                     buffer.append(":");
                 }
 
-                buffer.append(HEX[(0xF0 & data[i]) >>> 4]);
-                buffer.append(HEX[0x0F & data[i]]);
+                buffer.append(HEX[(0xF0 & element) >>> 4]);
+                buffer.append(HEX[0x0F & element]);
             }
 
-        } catch (CertificateEncodingException e) {
-            throw new CloudRuntimeException("Bad certificate encoding");
-        } catch (NoSuchAlgorithmException e) {
-            throw new CloudRuntimeException("Bad certificate algorithm");
+        } catch (final CertificateEncodingException e) {
+            throw new IllegalStateException("Bad certificate encoding");
+        } catch (final NoSuchAlgorithmException e) {
+            throw new IllegalStateException("Bad certificate algorithm");
         }
 
         return buffer.toString();
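Review bot: The rewritten `parseChain` calls `pemReader.readPemObject()` only once, so a chain made of several PEM blocks is cut down to its first certificate, whereas the removed `PEMReader` loop read every object. Any intermediates a caller supplied would be dropped silently, which presumably matters wherever the parsed chain is later used for validation or stored. Input with no PEM block at all makes `readPemObject()` return null, so `pemObject.getContent()` throws a `NullPointerException` instead of reaching the "Unable to decode certificate chain" error. Looping until the reader returns null fixes both cases, as sketched below. Separately, the empty-chain failure changed from `IllegalArgumentException` to `IllegalStateException`, which callers catching the old type will miss.

```java
        try (final PemReader pemReader = new PemReader(new StringReader(chain))) {
            final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            PemObject pemObject;
            // Read every PEM block; a null return marks the end of the input.
            while ((pemObject = pemReader.readPemObject()) != null) {
                final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
                for (final Certificate cert : certificateFactory.generateCertificates(bais)) {
                    if (cert instanceof X509Certificate) {
                        certs.add(cert);
                    }
                }
            }
            // … unchanged: certs.isEmpty() check …
        }
```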

